chore: add Technolinator config for dependencytrack, setting the corr…

…ect java version (SEC-598) (#2720) Co-authored-by: Mohamad Jaara <[email protected]>
wireapp · Mar 28, 2024 · 8dbc70d · 8dbc70d
1 parent 323f244
commit 8dbc70d
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/.github/technolinator.yml b/.github/technolinator.yml
@@ -0,0 +1,18 @@
+# whether Technolinator does analysis at all; default: true
+enable: true
+# whether Technolinator shall comment vulnerability reports to pull-requests
+enablePullRequestReport: false
+analysis:
+    # whether cdxgen should scan for projects recursively in 'location' or only 'location' itself; default: true
+    recursive: true
+    # include only 'required' scoped dependencies to created BOM
+    requiredScopeOnly: false
+    # create sbom with evidence (slows down the process)
+    evidence: true
+    # exclude the kalium directory because a) it throws errors that can't be resolved and b) it doesn't matter, as its
+    # scanned as its own project anyway and it would be a duplicated effort
+    # excludes: 
+    #    - kalium
+jdk:
+    # select JDK version used by cdxgen on JVM based projects
+    version: 17